Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Technical Spec.exe

windows7-x64

10

Technical Spec.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2023, 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Technical Spec.exe

  • Size

    1.5MB

  • MD5

    ebf99fc11603d1ec4706b4330761df32

  • SHA1

    c560ca5ae10593d7861701654d839d1071515866

  • SHA256

    693c258cb5620f7e8714d4afc7215e2c7dc16872265148341db23b639906eecb

  • SHA512

    d31c699f201343bd02c07bbf5d41e00df8368b81bfbb1d037fb4b1e1894fd3b8232e80b065845745fa6dab7f23d47efbb1d8b6a9143f5b7db0fb4a57395c4f4a

  • SSDEEP

    49152:NQh9Nn3uFcWIY2YZGIUtNlMpovD2i9c2:0/37Wp2YPUtNlMG7N

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 13 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
    "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
      "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3568
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:3204
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:4428
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4132
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4524
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4916
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1216
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:1844
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
        PID:2184
      • C:\Windows\System32\msdtc.exe
        C:\Windows\System32\msdtc.exe
        1⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        PID:1308
      • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
        "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
        1⤵
          PID:2276
        • C:\Windows\SysWow64\perfhost.exe
          C:\Windows\SysWow64\perfhost.exe
          1⤵
          • Executes dropped EXE
          PID:3088
        • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
          C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
          1⤵
          • Executes dropped EXE
          PID:4788
        • C:\Windows\system32\locator.exe
          C:\Windows\system32\locator.exe
          1⤵
            PID:4912
          • C:\Windows\System32\SensorDataService.exe
            C:\Windows\System32\SensorDataService.exe
            1⤵
            • Executes dropped EXE
            • Checks SCSI registry key(s)
            PID:1880
          • C:\Windows\System32\snmptrap.exe
            C:\Windows\System32\snmptrap.exe
            1⤵
              PID:4444
            • C:\Windows\system32\spectrum.exe
              C:\Windows\system32\spectrum.exe
              1⤵
              • Executes dropped EXE
              • Checks SCSI registry key(s)
              PID:3256
            • C:\Windows\System32\OpenSSH\ssh-agent.exe
              C:\Windows\System32\OpenSSH\ssh-agent.exe
              1⤵
                PID:916
              • C:\Windows\system32\TieringEngineService.exe
                C:\Windows\system32\TieringEngineService.exe
                1⤵
                • Executes dropped EXE
                • Checks processor information in registry
                • Suspicious use of AdjustPrivilegeToken
                PID:2516
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
                1⤵
                  PID:1720
                • C:\Windows\system32\AgentService.exe
                  C:\Windows\system32\AgentService.exe
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4084
                • C:\Windows\System32\vds.exe
                  C:\Windows\System32\vds.exe
                  1⤵
                  • Executes dropped EXE
                  PID:828
                • C:\Windows\system32\vssvc.exe
                  C:\Windows\system32\vssvc.exe
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1928
                • C:\Windows\system32\wbengine.exe
                  "C:\Windows\system32\wbengine.exe"
                  1⤵
                  • Executes dropped EXE
                  PID:4160
                • C:\Windows\system32\wbem\WmiApSrv.exe
                  C:\Windows\system32\wbem\WmiApSrv.exe
                  1⤵
                    PID:2416
                  • C:\Windows\system32\SearchIndexer.exe
                    C:\Windows\system32\SearchIndexer.exe /Embedding
                    1⤵
                    • Modifies data under HKEY_USERS
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1004
                    • C:\Windows\system32\SearchProtocolHost.exe
                      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
                      2⤵
                      • Modifies data under HKEY_USERS
                      PID:3792
                    • C:\Windows\system32\SearchFilterHost.exe
                      "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
                      2⤵
                      • Modifies data under HKEY_USERS
                      PID:1496

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Filesize

                    1.4MB

                    MD5

                    8b874df108996d63e3f99c9737a9ce20

                    SHA1

                    f12215ac8434e45ee6dcb6dd08dacafeaae52a16

                    SHA256

                    bfcd138ab9327f75efc15e693f90faa137da91eccd60331249e70e4ed6f89e28

                    SHA512

                    fa1680ef520dd68c797ef209a33029930e4bcc1a057951ee875bf7a09eff2b72c57be5e7296dcb8f9160e0a115268facad14e62819642d922b3470951d5ff3a1

                    Download Submit

                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                    Filesize

                    2.1MB

                    MD5

                    85ad6df405644c05dc0be509ac631727

                    SHA1

                    a5ede5bfc24f62191e217c77916718cc15c0a964

                    SHA256

                    e75111aea7358060239a8970cf31156368cac434a5d3b178c44cb7b8821f25b6

                    SHA512

                    3f91c455ffd6ef96ecf615865e3613daf5f813e8f61dad069954ae041e14d43cf9aaebedb134becb06c502e5ff2169ad434e3e6fc4431379c5085bf9e0fa96cf

                    Download Submit

                  • C:\Windows\SysWOW64\perfhost.exe
                    Filesize

                    1.2MB

                    MD5

                    e4e818e2c90412fb8e27fb46174e7017

                    SHA1

                    aada9a1a9bde1656243699696e63070a720be24a

                    SHA256

                    e13280e41322219561cfc7f669915920fe8a783114a9f955836dedb854f2bb11

                    SHA512

                    ef9112736baa7b50d73b5ba65a5e12d0bc3c11771b621e11cfbbc76321cad55c701fa28dd8bef5ea3515c8327488f1c43da152e20310569b34e8a3cbf4fce52a

                    Download Submit

                  • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Filesize

                    1.3MB

                    MD5

                    1665a9731bd670c8b92887382b5a1132

                    SHA1

                    3bb68a1d6333620091ea3e3bd81b63dbefb2244b

                    SHA256

                    27f655bf63947aac6737e675dfcf9446cfac8793e3e3790aae3f88a85a32203b

                    SHA512

                    8fae5bba9e7fbfeabfce0ab293c71a0cd1e0fb3b17d77c8e04c52c4c2e197add35f5264de673f2edb2129e2df1cbdc159e4a9b8862b21ecbeb1fd4e2705df629

                    Download Submit

                  • C:\Windows\System32\FXSSVC.exe
                    Filesize

                    1.2MB

                    MD5

                    67d64e64dabd6852eec1c7a25f5d669e

                    SHA1

                    c60e202c80f75eafed33ac5d08c39563114cead5

                    SHA256

                    9b6b7a4654ce9421e0f55a7e8647266d71d70504ce0e757042ee1f0f174dde41

                    SHA512

                    766c22789313c57655ada403d0e3b4c877bf0675a73ae0dad905156e9f1627d1a3874a8d9ff87677fcc8dd59e62de2f6f5c82d853d6c57597ff84cd321e8ae50

                    Download Submit

                  • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                    Filesize

                    1.3MB

                    MD5

                    f4197ec970a15d54135a7c9ee5f5850c

                    SHA1

                    7614097d70e69f0a42f22435da6f1da1aac6bb97

                    SHA256

                    d87bc4643cfd20285a267ed54a65e8c19c6bb3fdf516bbccbdefbbdb592e2963

                    SHA512

                    43e28e96d22f71d04e723ec7b61b90bbc611a97fa4189593bc23340f9ed3c89dd9b5399c197c3a09f1f0aba83d07ed3191062e541d4d18df18ecbfd8b66575ad

                    Download Submit

                  • C:\Windows\System32\SensorDataService.exe
                    Filesize

                    1.8MB

                    MD5

                    723fd306ddc0e2aead02e54d006dfa7c

                    SHA1

                    3505110617d31b8c9f39d21bfb963c3f3da2f8fb

                    SHA256

                    710ba8919b8e5951714eb0043804feac6f1c46d6463294be676bd11f1208fbbb

                    SHA512

                    bab9952a481245ed3d923a9642cbdea73022323bf0fbe3e9a979b0f031efb37cce1ab997ad058b92df9916e49692e287b600cb1093c037d38221825aa8a281f0

                    Download Submit

                  • C:\Windows\System32\Spectrum.exe
                    Filesize

                    1.4MB

                    MD5

                    44b21af93f22ef647de7c8cf6f18da4e

                    SHA1

                    b37aed738c86901adbb893901334b33637a8533b

                    SHA256

                    b04cdf3cbe3d418faa8420083a4c5f6a02b08714fde4de3d8289282adb7ddd7e

                    SHA512

                    848528059198300e440896208d56b5f3f18e65098367cbadb72093f0cdb895b218fbd14be1465e61e9b0d0b79fd078aa9af7a13978f3db080af865b71e4e4fbf

                    Download Submit

                  • C:\Windows\System32\TieringEngineService.exe
                    Filesize

                    1.5MB

                    MD5

                    de2a8c03bf03418614cd55d9fba895f1

                    SHA1

                    d5e5bc0d719fdb0b14d58f4dd7308ed82f606907

                    SHA256

                    932cf44072300921e58845708a7806b7a8754b372299b21068dc9e48ab653256

                    SHA512

                    77b1cd3f3951f3ebcafc9bfb5b128636216a26403237a7691a883d69c1ba1f2854d781d587d07de1d93c1884e0699042407ecbd5d2eafaf2155a622bf68f5f68

                    Download Submit

                  • C:\Windows\System32\alg.exe
                    Filesize

                    1.3MB

                    MD5

                    6d7312c6651824487fe8cf2748587cdd

                    SHA1

                    c62fbf053aa5e69b99ec8a9c30ae693a01ef8638

                    SHA256

                    05f8dde6801ed26b26898990b58d07fab0231a9e5654aab366a56a01426a2500

                    SHA512

                    7375992dbf0b594abde84c07acb2e02651998b7240609a728116985f63304a3d87612fd9bc561da68b3b9c5df4c75cbc5ae4534f0d7ae2e1c7bf8275c69319dc

                    Download Submit

                  • C:\Windows\System32\msdtc.exe
                    Filesize

                    1.4MB

                    MD5

                    f1351bdfdf8a02d46c048f5110273694

                    SHA1

                    731933905f1c0b3af3292a697b06a6e4eace60a4

                    SHA256

                    f1b21a4cf54b11d0dfb763773b585bf21cd6c21f5d7468cb92caf5b79a6ef1f7

                    SHA512

                    7430f2d7e43c4cd69e2866c7cbe18ce3d3c4c58ca505d631d743d0195cd52624d9b63b46122c750d0fdc82ba38a601fb6d6e0c50f19b765cc0e0fe1394db2f41

                    Download Submit

                  • C:\Windows\System32\vds.exe
                    Filesize

                    1.3MB

                    MD5

                    6493fb00119bcdad8c2fc4fb2db184ad

                    SHA1

                    71688bd0e27350aef9d12c6d1cbba644dd166879

                    SHA256

                    491ecbe08dfbbc53fb8d04c8d9aa767f6895d209b6ff5a5ff9ca61fdc17ec406

                    SHA512

                    d672346689a4ea891f60aad6d103bdecbcd9956f72d756550b350a0f47a3e956ddc630217247be5411a057eee4073e4d265fdcf6494af78d9cb78509e4d4e025

                    Download Submit

                  • C:\Windows\System32\wbengine.exe
                    Filesize

                    2.1MB

                    MD5

                    6b4a6b37ce39925734a0a22e7906a57a

                    SHA1

                    a787f25e170a3b23f3d17bc3ee2020907a7e0dd3

                    SHA256

                    9e47f229189dd93e3a39417dae5d9d2028bde2ecefcfbc6a827c60c1b220ad78

                    SHA512

                    4ec21f2f46a391fbaa3f440011eac5afceae56944678e955b7ac1321b7034473f314ac247cf4a56341eed224f505153819f6d590fb24470b6117da8fce149c44

                    Download Submit

                  • memory/828-353-0x0000000140000000-0x0000000140147000-memory.dmp

                    Filesize

                    1.3MB

                    Download

                  • memory/916-324-0x0000000140000000-0x0000000140259000-memory.dmp

                    Filesize

                    2.3MB

                    Download

                  • memory/1004-382-0x0000000140000000-0x0000000140179000-memory.dmp

                    Filesize

                    1.5MB

                    Download

                  • memory/1004-445-0x0000000140000000-0x0000000140179000-memory.dmp

                    Filesize

                    1.5MB

                    Download

                  • memory/1216-191-0x0000000000D20000-0x0000000000D80000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/1216-195-0x0000000140000000-0x0000000140237000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/1216-433-0x0000000140000000-0x0000000140237000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/1308-226-0x0000000000D30000-0x0000000000D90000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/1308-438-0x0000000140000000-0x0000000140210000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/1308-232-0x0000000140000000-0x0000000140210000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/1496-491-0x000001F0CC870000-0x000001F0CC880000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1496-573-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-494-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-492-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-576-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-575-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-490-0x000001F0CC860000-0x000001F0CC870000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1496-495-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-496-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-493-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-572-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-574-0x000001F0CC880000-0x000001F0CCA80000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1496-571-0x000001F0CC870000-0x000001F0CC880000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1496-515-0x000001F0CCCD0000-0x000001F0CCCE0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1496-566-0x000001F0CCCD0000-0x000001F0CCCE0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1496-517-0x000001F0CCCD0000-0x000001F0CCCE0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1496-516-0x000001F0CCCD0000-0x000001F0CCCE0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/1844-219-0x0000000000C00000-0x0000000000C60000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/1844-211-0x0000000000C00000-0x0000000000C60000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/1844-222-0x0000000140000000-0x0000000140221000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/1844-200-0x0000000000C00000-0x0000000000C60000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/1880-285-0x0000000140000000-0x00000001401D7000-memory.dmp

                    Filesize

                    1.8MB

                    Download

                  • memory/1880-436-0x0000000140000000-0x00000001401D7000-memory.dmp

                    Filesize

                    1.8MB

                    Download

                  • memory/1928-442-0x0000000140000000-0x00000001401FC000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/1928-350-0x0000000140000000-0x00000001401FC000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/2184-439-0x0000000140000000-0x000000014022B000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/2184-218-0x0000000000190000-0x00000000001F0000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/2184-205-0x0000000000190000-0x00000000001F0000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/2184-236-0x0000000140000000-0x000000014022B000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/2276-229-0x0000000140000000-0x0000000140226000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/2276-437-0x0000000140000000-0x0000000140226000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/2276-223-0x0000000000790000-0x00000000007F0000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/2416-444-0x0000000140000000-0x000000014021D000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/2416-380-0x0000000140000000-0x000000014021D000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/2516-441-0x0000000140000000-0x0000000140239000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/2516-325-0x0000000140000000-0x0000000140239000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/2616-137-0x00000000050F0000-0x0000000005100000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2616-138-0x00000000050F0000-0x0000000005100000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2616-136-0x0000000004F10000-0x0000000004F1A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/2616-135-0x0000000004F80000-0x0000000005012000-memory.dmp

                    Filesize

                    584KB

                    Download

                  • memory/2616-139-0x0000000006E10000-0x0000000006EAC000-memory.dmp

                    Filesize

                    624KB

                    Download

                  • memory/2616-134-0x0000000005490000-0x0000000005A34000-memory.dmp

                    Filesize

                    5.6MB

                    Download

                  • memory/2616-133-0x00000000003C0000-0x000000000054A000-memory.dmp

                    Filesize

                    1.5MB

                    Download

                  • memory/3088-281-0x0000000000400000-0x00000000005EE000-memory.dmp

                    Filesize

                    1.9MB

                    Download

                  • memory/3204-196-0x0000000000520000-0x0000000000586000-memory.dmp

                    Filesize

                    408KB

                    Download

                  • memory/3256-440-0x0000000140000000-0x0000000140169000-memory.dmp

                    Filesize

                    1.4MB

                    Download

                  • memory/3256-323-0x0000000140000000-0x0000000140169000-memory.dmp

                    Filesize

                    1.4MB

                    Download

                  • memory/3568-150-0x0000000001550000-0x00000000015B6000-memory.dmp

                    Filesize

                    408KB

                    Download

                  • memory/3568-420-0x0000000000400000-0x0000000000654000-memory.dmp

                    Filesize

                    2.3MB

                    Download

                  • memory/3568-140-0x0000000000400000-0x0000000000654000-memory.dmp

                    Filesize

                    2.3MB

                    Download

                  • memory/3568-143-0x0000000000400000-0x0000000000654000-memory.dmp

                    Filesize

                    2.3MB

                    Download

                  • memory/3568-144-0x0000000001550000-0x00000000015B6000-memory.dmp

                    Filesize

                    408KB

                    Download

                  • memory/3568-149-0x0000000000400000-0x0000000000654000-memory.dmp

                    Filesize

                    2.3MB

                    Download

                  • memory/4084-346-0x0000000140000000-0x00000001401C0000-memory.dmp

                    Filesize

                    1.8MB

                    Download

                  • memory/4132-423-0x0000000140000000-0x0000000140200000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/4132-177-0x0000000000550000-0x00000000005B0000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4132-169-0x0000000000550000-0x00000000005B0000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4132-175-0x0000000140000000-0x0000000140200000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/4160-356-0x0000000140000000-0x0000000140216000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/4160-443-0x0000000140000000-0x0000000140216000-memory.dmp

                    Filesize

                    2.1MB

                    Download

                  • memory/4428-157-0x00000000004A0000-0x0000000000500000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4428-163-0x00000000004A0000-0x0000000000500000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4428-172-0x0000000140000000-0x0000000140201000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/4444-321-0x0000000140000000-0x00000001401ED000-memory.dmp

                    Filesize

                    1.9MB

                    Download

                  • memory/4788-279-0x0000000140000000-0x0000000140202000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/4912-284-0x0000000140000000-0x00000001401EC000-memory.dmp

                    Filesize

                    1.9MB

                    Download

                  • memory/4916-181-0x0000000000800000-0x0000000000860000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4916-193-0x0000000140000000-0x0000000140135000-memory.dmp

                    Filesize

                    1.2MB

                    Download

                  • memory/4916-187-0x0000000000800000-0x0000000000860000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4916-198-0x0000000000800000-0x0000000000860000-memory.dmp

                    Filesize

                    384KB

                    Download

                  • memory/4916-202-0x0000000140000000-0x0000000140135000-memory.dmp

                    Filesize

                    1.2MB

                    Download